This check was used to make sure we don't bump Go versions independently
(Linux/Windows). The Dockerfile switched to using a build-arg to allow
overriding the Go version, which rendered this check non-functional.
It also fails if Linux versions use a specific variant of the image;
08:41:31 ERROR: Failed 'ERROR: Mismatched GO versions between Dockerfile and Dockerfile.windows. Update your PR to ensure that both files are updated and in sync. ${GO_VERSION}-stretch ${GO_VERSION}' at 07/20/2019 08:41:31
08:41:31 At C:\gopath\src\github.com\docker\docker\hack\ci\windows.ps1:448 char:9
08:41:31 + Throw "ERROR: Mismatched GO versions between Dockerfile and D ...
08:41:31 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This patch fixes the check by looking for the value of `GO_VERSION` instead
of looking at the `FROM` line (which is harder to parse).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4fa57a8191b1d23c6466725b688519f83c0ac5dd)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: a2d32c5654a206954fd0d9a5fd08abd8c03d4523
Component: engine
This allows overriding the version of Go without making modifications in the
source code, which can be useful to test against multiple versions.
For example:
make GO_VERSION=1.13beta1 shell
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c6281bc4383b7f9eab617fd73601e8594c93365b)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Conflicts:
* Dockerfile, Dockerfile.e2e, Dockerfile.simple, Dockerfile.windows:
(due to Go version difference, missing CROSS etc.)
Upstream-commit: d9ba337adb0c3880acd34ffe9b0a15717990876b
Component: engine
We can do that now as we're no longer carrying archive/tar.
Note that latest vndr removes vendor/ subdir so we don't have to,
thus the change in hack/validate/vendor.
While at it, re-run a new vndr version to make sure everything
that should be there is.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit ce858feb6ac124b3a42400b857e480ef98710164)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 2f2588f137f642b0c1520e8a41ec731040d0b336
Component: engine
It's that time of year again! Go 1.11 is released, time to use it.
This commit also
* removes our archive/tar fork, since upstream archive/tar
is fixed for static builds, and osusergo build tag is set.
* removes ENV GO_VERSION from Dockerfile as it's not needed
anymore since PR #37592 is merged.
[v2: switch to beta2]
[v3: switch to beta3]
[v4: rc1]
[v5: remove ENV GO_VERSION as PR #37592 is now merged]
[v6: rc2]
[v7: final!]
[v8: use 1.11.0]
[v9: back to 1.11]
[v8: use 1.11.0]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 10fd0516b9f9f04d0f0e2c0755e704303f1a487f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ebf396050d6e977df2669d5e7d3f38098719f7c2
Component: engine
We would like to use a version with .0 suffix (like 1.11.0) in
Dockerfile, so that once a .1 version is out (like 1.11.1) we
won't accidentally switch to it.
Unfortunately it's not possible to use .0 suffix currently
as it breaks the check in make.ps1. This patch fixes that.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 8ad648b59a2993156586458cc9ff8dcbc89b86e4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: dc5371b4134dd6474a467308da85daaa27914a64
Component: engine
comparing PR commit(s) to HEAD of moby/moby master branch and if founds
new (or renamed) integration tests will run stress tests for them.
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
(cherry picked from commit 8a8fd37f6fb53716cb4b3a7e93e1e3cf385927e2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: e5c0923b277055c977994ebfdc689346c3104a16
Component: engine
Looks like -i (together with DOCKER_INCREMENTAL_BINARY etc)
were used to get faster incremental builds.
Nowdays (since Go 1.10) this is no longer the case, as
go build cache is used [1]. Here's a quote:
> You do not have to use "go test -i" or "go build -i" or
> "go install" just to get fast incremental builds. We will
> not have to teach new users those workarounds anymore.
> Everything will just be fast.
To enable go cache between builds, add a volume for /root/.cache.
[1] https://groups.google.com/forum/#!msg/golang-dev/qfa3mHN4ZPA/X2UzjNV1BAAJ
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit bdcd81d3301a053eefc320de16ac842ec47ed459)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 0f190f798f7b9f90bd008fe8fb0fc087ec965642
Component: engine
Checks for environment variable VERSION if it exists then it sets dockerVersion to VERSION
Signed-off-by: corbin-coleman <corbin.coleman@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit edc639e99f21d0dd814581858d02787c23ba1599)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 238951ac3a78a8517d7764de0f48b8ded28441e2
Component: engine
full diff: c9029898e3...872f0a83c9
- docker/libnetwork#2354 [18.09 backport] Cleanup the cluster provider when the agent is closed
- backport of docker/libnetwork#2307 Fix for problem where agent is stopped and does not restart
- fixesdocker/for-linux#495 Docker swarm overlay networking not working after --force-new-cluster
- docker/libnetwork#2369 [18.09 BACKPORT] Pick a random host port if the user does not specify a host port
- backport of docker/libnetwork#2368 (windows) Pick a random host port if the user does not specify a host port
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5354408039681020f9ad6afe4bf696fc90f9ce69
Component: engine
[18.09 backport] test-fixes and updates, and fix images filter when use multi reference filter
Upstream-commit: 82a2b8882e5a9dc2ba4389f589ad28dc9cee0d57
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit bc80e8df3e6300354305f81a4c0c48b855a1776b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d5a0ffa172a012e388d5b31edf332acc264b39b6
Component: engine
I noticed this error in CI:
```
20:37:25 INFO: Non-base image count on control daemon to delete is 9
20:37:25 "docker rmi" requires at least 1 argument.
20:37:25 See 'docker rmi --help'.
20:37:25
20:37:25 Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
20:37:25
20:37:25 Remove one or more images
```
Which indicated that the PowerShell script managed to find images to delete, but
not actually passing the images to `docker rmi`.
The reason for this failing was that the script attempted to convert the
collection/array to a string, which produces;
```powershell
Write-Output $(docker images --format "{{.Repository}}:{{.ID}}" | `
>> select-string -NotMatch "windowsservercore" | `
>> select-string -NotMatch "nanoserver" | `
>> select-string -NotMatch "docker" `
>> ).ToString()
System.Object[]
```
Which, when trying to split by the chosen separator (`:`), will return the same;
```powershell
Write-Output "System.Object[]".Split(":")[0]
```
This patch:
- Adds an intermediate variable (`$allImages`) to make the code better readable
- Switches the separator to `#`, to prevent breaking on images pulled from a
repository with a port in its name (`myregistry:5000/my/image`)
- Switches to use a comma-separated list for `-NotMatch` (for readability)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5580b79813d3a5d2a7b83bcf1607839a5b0f468d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 74fe2c044f56e58356e9f598e5b08d94e676bbd4
Component: engine
This patch replaces PowerShell aliases for their real commands, see https://blogs.technet.microsoft.com/heyscriptingguy/2012/04/21/when-you-should-use-powershell-aliases/
For example;
- use `Get-Location` instead of `pwd`
- use `Set-Location` instead of `cd`
- use `ForEach-Object` instead of the `%` shorthand
- use `Write-Output` instead of `echo`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6130c89ccec5262c25b91b3226a6ef2240bfde3b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 4f0911d9122bf73d7efb90a50444cd6e52a09a96
Component: engine
Fixed some mixed/tabs spaces for indentation, and used
tabs for auto-generated Go code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0f8b616c0c8f959ac4b29f29a8716b8cb7ea28fd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 73e5951b2e3c13ce84781d28b08cdc1958fb6224
Component: engine
Notable Updates
- Fix an issue that non-existent parent directory in image layers is created with permission 0700. containerd#3017
- Fix an issue that snapshots of the base image can be deleted by mistake, when images built on top of it are deleted. containerd#3087
- Support for GC references to content from snapshot and container objects. containerd#3080
- cgroups updated to dbea6f2bd41658b84b00417ceefa416b97 to fix issues for systemd 420 and non-existent cgroups. containerd#3079
- runc updated to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 to include the improved fix for CVE-2019-5736. containerd#3082
- cri: Fix a bug that pod can't get started when the same volume is defined differently in the image and the pod spec. cri#1059
- cri: Fix a bug that causes container start failure after in-place upgrade containerd to 1.2.4+ or 1.1.6+. cri#1082
- cri updated to a92c40017473cbe0239ce180125f12669757e44f. containerd#3084
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 25cdae293fedb18f3538788d629d6e4475acaa4b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 6c715008627a9ff2073e932d5c792dc7bc1f2f01
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
This is a follow-on from https://github.com/moby/moby/pull/38277
but had to be done in a couple of stages to ensure that CI didn't
break. v1.1 of the busybox image is now based on a CMD of "sh"
rather than using an entrypoint. And it also uses the bin directory
rather than `c:\busybox`. This makes it look a lot closer to the
Linux busybox image, and means that a couple of Windows-isms in
CI tests can be reverted back to be identical to their Linux
equivalents.
(cherry picked from commit 561e0f6b7fc256c160292b32695cf1d6150741db)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 613c2f27ed2e7d65474c2f3e786d9e24e757d99d
Component: engine
- Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
6635b4f0c6,
- Includes security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`):
28a697cce3
(NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f03698b69a7777b8d30b9c5897504f8704b87676)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: c7fca75c035ba0b750f46a9676a376f8e4409f15
Component: engine
This reverts commit eb137ff1765faeb29c2d99025bfd8ed41836dd06, reversing
changes made to a79fabbfe84117696a19671f4aa88b82d0f64fc1.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 88330c9aac5556d0abc7a5afcb4d906604a07fa2
Component: engine
Here's what happens:
1. One runs `make binary` once
2. Days go by...
3. One makes changes to dockerd sources
4. One runs `make test-integration` to test the changes
5. One spends a long time figuring out why on Earth
those changes in step 3 are ignored by step 4.
6. One writes this patch
7. ...
8. PROFIT!!
OK, so `make test-integration` builds a dockerd binary
in bundles/dynbinary-daemon/, when starts a daemon instance
for testing. The problem is, the script that starts the
daemon sets PATH to try `bundles/binary-daemon/` first,
and `bundles/dynbinary-daemon/` second.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 228bc35e824d09a6f40d60619808462124f0af31)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: e9ecd5e486c591979e34782025bb849f7faf8eba
Component: engine
CIs are assumed to do a git fetch and git merge before running tests.
Therefore, no need for a git fetch inside our validate scripts in CI.
If VALIDATE_ORIGIN_BRANCH is set, then git fetch is skipped and
VALIDATE_ORIGIN_BRANCH is used in validate scripts.
Otherwise, behavior is unchanged.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit feb70fd5c9e2fb3f300e953dd83053f0830f3895)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 7b9ec00eec7ffe745ebd2f807daa50d84b3e10e7
Component: engine
When running CI in other repositories (e.g. Docker's downstream
docker/engine repository), or other branches, the validation
scripts were calculating the list of changes based on the wrong
information.
This lead to weird failures in CI in a branch where these values
were not updated ':-) (CI on a pull request failed because it detected
that new tests were added to the deprecated `integration-cli` test-suite,
but the pull request did not actually make changes in that area).
This patch allows overriding the target repository (and branch)
to compare to (without having to edit the scripts).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2a08f33166247da9d4c09d4c6c72cbb8119bf8df)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 748f37022df465c39a76461c4970f4c678f629e3
Component: engine
A git bundle allows us keep the same SHA, giving us the ability to
validate our patch against a known entity and allowing us to push
directly from our private forks to public forks without having to
re-apply any patches.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 03dfb0ba53cc5f64b746a25aa5ed8a48763ea223
Component: engine
- Fix a bug that a container can't be stopped or inspected when its corresponding image is deleted
- Fix a bug that the cri plugin handles containerd events outside of k8s.io namespace
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 27cc170d2891f25ab066620e8fe94d62f81b9aa3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: f80c6d7ae15443f15c014ddbd17e30cfac47b906
Component: engine
This includes a patch on top of containerd 1.2.1 to handle fifo
timeouts.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit e5d9d721626958a37dccfa0b234d9fc96d8c2bfb)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Upstream-commit: d161dfe1a36929a03ee3dfa916d296abfd4ccef1
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 14c8b67e51a8340284dfd8919843ce9edd1e5c71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9c93de59da8eaa0e0e0377578a33b465b9465bb2
Component: engine
